<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Enabling anonymous access | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'anonymous-access.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/anonymous-access.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/anonymous-access.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/anonymous-access.html" rel="nofollow" target="_blank">../en/anonymous-access.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="setting-up-authentication.html">User authentication</a></span>
»
<span class="breadcrumb-node">Enabling anonymous access</span>
</div>
<div class="navheader">
<span class="prev">
<a href="custom-realms.html">« Integrating with other authentication systems</a>
</span>
<span class="next">
<a href="controlling-user-cache.html">Controlling the user cache »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="anonymous-access"></a>Enabling anonymous access<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/anonymous-access.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Incoming requests are considered to be <em>anonymous</em> if no authentication token
can be extracted from the incoming request. By default, anonymous requests are rejected and an authentication error is returned (status code <code class="literal">401</code>).</p>
<p>To enable anonymous access, you assign one or more roles to anonymous
users in the <code class="literal">elasticsearch.yml</code> configuration file. For example, the following
configuration assigns anonymous users <code class="literal">role1</code> and <code class="literal">role2</code>:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.security.authc:
  anonymous:
    username: anonymous_user <a id="CO478-1"></a><i class="conum" data-value="1"></i>
    roles: role1, role2 <a id="CO478-2"></a><i class="conum" data-value="2"></i>
    authz_exception: true <a id="CO478-3"></a><i class="conum" data-value="3"></i></pre>
</div>
<div class="calloutlist">
<table border="0" summary="Callout list">
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO478-1"><i class="conum" data-value="1"></i></a></p>
</td>
<td align="left" valign="top">
<p>The username/principal of the anonymous user. Defaults to
<code class="literal">_es_anonymous_user</code> if not specified.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO478-2"><i class="conum" data-value="2"></i></a></p>
</td>
<td align="left" valign="top">
<p>The roles to associate with the anonymous user. If no roles are specified, anonymous access is disabled—​anonymous requests will be rejected and return an authentication error.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" width="5%">
<p><a href="#CO478-3"><i class="conum" data-value="3"></i></a></p>
</td>
<td align="left" valign="top">
<p>When <code class="literal">true</code>, a 403 HTTP status code is returned if the anonymous user
does not have the permissions needed to perform the requested action and the
user will NOT be prompted to provide credentials to access the requested
resource. When <code class="literal">false</code>, a 401 HTTP status code is returned if the anonymous user
does not have the necessary permissions and the user is prompted for
credentials to access the requested resource. If you are using anonymous access
in combination with HTTP, you might need to set <code class="literal">authz_exception</code> to <code class="literal">false</code>
if your client does not support preemptive basic authentication. Defaults to
<code class="literal">true</code>.</p>
</td>
</tr>
</table>
</div>
</div>
<div class="navfooter">
<span class="prev">
<a href="custom-realms.html">« Integrating with other authentication systems</a>
</span>
<span class="next">
<a href="controlling-user-cache.html">Controlling the user cache »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>